As promised, Adobe Systems today released security updates for its Acrobat and Reader software. The updates address a critical security vulnerability [CVE-2010-2862], as outlined in Adobe’s Security Bulletin [APSB10-17]. A fix for the Flash vulnerability, patched earlier this month, is also included for the use of Flash in these two products.
Either product can be updated using the built-in updating mechanism (Main menu: Help / Check for Updates). Alternatively, the updates for Reader can be downloaded using the following links:
If you are using Windows or Mac OS X, the patch is an incremental update from version 9.3.3 to 9.3.4, not a full installation. If you are using UNIX or Linux, the package files (which will be in the FTP directory
9.3.4/ENU for US English) are apparently full installation packages (there are .rpm, .deb, and .pkg formats available, as well as a tarball). If you use these download links, make sure you scroll down the page, if necessary, to get to version 9.3.4, which is the updated one.
Links for the Acrobat updates are in the Security Bulletin.
If you are using these products, especially Reader, I recommend that you install the update(s) as soon as you conveniently can. Like Adobe’s Flash, Reader is very widely installed across a variety of platforms, and that makes it an attractive target.